CVE-2016-1929

Published on: 01/20/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:05 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

Certain versions of HANA from SAP contain the following vulnerability:

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.

  • CVE-2016-1929 has been assigned by [email protected] to track the vulnerability, currently rated as CRITICAL severity.

CVSS3 Score: 9.3 - CRITICAL

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: HIGH

CVSS2 Score: 8.5 - HIGH

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: COMPLETE

CVE References

  • Description: SAP Note Security Analysis - January 2016
    Source: erpscan.io
    Tags: MISC
    Link: erpscan.io/press-center/blog/sap-security-notes-january-2016-review/
  • Description: Full Disclosure: [ERPSCAN-16-002] SAP HANA - log injection and no size restriction
    Source: seclists.org
    Tags: FULLDISC
    Link: 20160415 [ERPSCAN-16-002] SAP HANA - log injection and no size restriction
  • Description: [ERPSCAN-16-002] SAP HANA - log injection and no size restriction
    Source: erpscan.io
    Tags: MISC
    Link: erpscan.io/advisories/erpscan-16-002-sap-hana-log-injection-and-no-size-restriction/

Known Affected Configurations (CPE V2.3)

Type         Vendor  Product  Version  Update  Edition  Language
Application  Sap     Hana     -        All     All      All

  • cpe:2.3:a:sap:hana:-:*:*:*:*:*:*:*